Fix CVE-2017-1000083. http://seclists.org/oss-sec/2017/q3/128 https://bugzilla.gnome.org/show_bug.cgi?id=784630 Patch copied from upstream source repository: https://git.gnome.org/browse/evince/commit/?id=717df38fd8509bf883b70d680c9b1b3cf36732ee From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001 From: Bastien Nocera Date: Thu, 6 Jul 2017 20:02:00 +0200 Subject: comics: Remove support for tar and tar-like commands diff --git a/backend/comics/comics-document.c b/backend/comics/comics-document.c index 4c74731..641d785 100644 --- a/backend/comics/comics-document.c +++ b/backend/comics/comics-document.c @@ -56,8 +56,7 @@ typedef enum RARLABS, GNAUNRAR, UNZIP, - P7ZIP, - TAR + P7ZIP } ComicBookDecompressType; typedef struct _ComicsDocumentClass ComicsDocumentClass; @@ -117,9 +116,6 @@ static const ComicBookDecompressCommand command_usage_def[] = { /* 7zip */ {NULL , "%s l -- %s" , "%s x -y %s -o%s", FALSE, OFFSET_7Z}, - - /* tar */ - {"%s -xOf" , "%s -tf %s" , NULL , FALSE, NO_OFFSET} }; static GSList* get_supported_image_extensions (void); @@ -364,13 +360,6 @@ comics_check_decompress_command (gchar *mime_type, comics_document->command_usage = GNAUNRAR; return TRUE; } - comics_document->selected_command = - g_find_program_in_path ("bsdtar"); - if (comics_document->selected_command) { - comics_document->command_usage = TAR; - return TRUE; - } - } else if (g_content_type_is_a (mime_type, "application/x-cbz") || g_content_type_is_a (mime_type, "application/zip")) { /* InfoZIP's unzip program */ @@ -396,12 +385,6 @@ comics_check_decompress_command (gchar *mime_type, comics_document->command_usage = P7ZIP; return TRUE; } - comics_document->selected_command = - g_find_program_in_path ("bsdtar"); - if (comics_document->selected_command) { - comics_document->command_usage = TAR; - return TRUE; - } } else if (g_content_type_is_a (mime_type, "application/x-cb7") || g_content_type_is_a (mime_type, "application/x-7z-compressed")) { @@ -425,27 +408,6 @@ comics_check_decompress_command (gchar *mime_type, comics_document->command_usage = P7ZIP; return TRUE; } - comics_document->selected_command = - g_find_program_in_path ("bsdtar"); - if (comics_document->selected_command) { - comics_document->command_usage = TAR; - return TRUE; - } - } else if (g_content_type_is_a (mime_type, "application/x-cbt") || - g_content_type_is_a (mime_type, "application/x-tar")) { - /* tar utility (Tape ARchive) */ - comics_document->selected_command = - g_find_program_in_path ("tar"); - if (comics_document->selected_command) { - comics_document->command_usage = TAR; - return TRUE; - } - comics_document->selected_command = - g_find_program_in_path ("bsdtar"); - if (comics_document->selected_command) { - comics_document->command_usage = TAR; - return TRUE; - } } else { g_set_error (error, EV_DOCUMENT_ERROR, diff --git a/configure.ac b/configure.ac index 9e9f831..7eb0f1f 100644 --- a/configure.ac +++ b/configure.ac @@ -795,7 +795,7 @@ AC_SUBST(TIFF_MIME_TYPES) AC_SUBST(APPDATA_TIFF_MIME_TYPES) AM_SUBST_NOTMAKE(APPDATA_TIFF_MIME_TYPES) if test "x$enable_comics" = "xyes"; then - COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-cbt;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;application/x-ext-cbt" + COMICS_MIME_TYPES="application/x-cbr;application/x-cbz;application/x-cb7;application/x-ext-cbr;application/x-ext-cbz;application/vnd.comicbook+zip;application/x-ext-cb7;" APPDATA_COMICS_MIME_TYPES=$(echo "$COMICS_MIME_TYPES" | sed -e 's/;/<\/mimetype>\n /g') if test -z "$EVINCE_MIME_TYPES"; then EVINCE_MIME_TYPES="${COMICS_MIME_TYPES}" -- cgit v0.12